Nom du paquet
hylafax
Date
2005-10-07
Advisory ID
MDKSA-2005:177
Affected versions
2006.0 i586 , CS2.1 i586 , 10.2 i586 , 10.1 i586 , CS2.1 x86_64 , CS3.0 x86_64 , CS3.0 i586 , 10.2 x86_64 , 2006.0 x86_64 , 10.1 x86_64

Problem description

faxcron, recvstats, and xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. (CAN-2005-3069) In addition, HylaFax has some provisional support for Unix domain sockets, which is disabled in the default compile configuration. It is suspected that a local user could create a fake /tmp/hyla.unix socket and intercept fax traffic via this socket. In testing for this vulnerability, with CONFIG_UNIXTRANSPORT disabled, it has been found that client programs correctly exit before sending any data. (CAN-2005-3070) The updated packages have been patched to correct these issues.

Updated packages

2006.0 i586

 8e97d7f9a84998a8c067c4b6185931cc  2006.0/RPMS/hylafax-4.2.1-2.1.20060mdk.i586.rpm
3d61efb5c464b443ac8ed26310a9db46  2006.0/RPMS/hylafax-client-4.2.1-2.1.20060mdk.i586.rpm
a42170bbc1d3acebe176dc6beb286c40  2006.0/RPMS/hylafax-server-4.2.1-2.1.20060mdk.i586.rpm
ffca2d97b9de37c2f07af1f8b5a556bf  2006.0/RPMS/libhylafax4.2.0-4.2.1-2.1.20060mdk.i586.rpm
54b789ce44dffb9b22d6777d8796d264  2006.0/RPMS/libhylafax4.2.0-devel-4.2.1-2.1.20060mdk.i586.rpm
3d78c1a88aecbd9d6ae0a947cf2eaa29  2006.0/SRPMS/hylafax-4.2.1-2.1.20060mdk.src.rpm

CS2.1 i586

 e0e77173d66d6a0c31ffc84cd40a4253  corporate/2.1/RPMS/hylafax-4.1.3-5.3.C21mdk.i586.rpm
6f38a677c369b3a2110bd508a2a439e3  corporate/2.1/RPMS/hylafax-client-4.1.3-5.3.C21mdk.i586.rpm
fce937eeb3257adefe370294bbb8516e  corporate/2.1/RPMS/hylafax-server-4.1.3-5.3.C21mdk.i586.rpm
bfe2fedab3fdbbb726995e4a6e4a93ac  corporate/2.1/RPMS/libhylafax4.1.1-4.1.3-5.3.C21mdk.i586.rpm
c4b2bb4b1ab084a2949a934978a33d7f  corporate/2.1/RPMS/libhylafax4.1.1-devel-4.1.3-5.3.C21mdk.i586.rpm
763f4270d854d27b53c83c378bf81151  corporate/2.1/SRPMS/hylafax-4.1.3-5.3.C21mdk.src.rpm

10.2 i586

 55a1638f62262ff6a156006a460ef681  10.2/RPMS/hylafax-4.2.0-3.1.102mdk.i586.rpm
d02bb11c38379885513c742cf09212c0  10.2/RPMS/hylafax-client-4.2.0-3.1.102mdk.i586.rpm
d425b48947dc0bc5dc78b5512bf06fb9  10.2/RPMS/hylafax-server-4.2.0-3.1.102mdk.i586.rpm
0652d1bca7a8904a9443c1e88939a9ee  10.2/RPMS/libhylafax4.2.0-4.2.0-3.1.102mdk.i586.rpm
71f742c2355201f94130bfc0febfcfd1  10.2/RPMS/libhylafax4.2.0-devel-4.2.0-3.1.102mdk.i586.rpm
f8e2073acf5408bf8b55b3d22e55e2b2  10.2/SRPMS/hylafax-4.2.0-3.1.102mdk.src.rpm

10.1 i586

 f7ca9274944776e0c8a697b77cc517ea  10.1/RPMS/hylafax-4.2.0-1.3.101mdk.i586.rpm
c49a39ddf8151f10b06b0ac70dc9c3e8  10.1/RPMS/hylafax-client-4.2.0-1.3.101mdk.i586.rpm
77211d2fe0790d276694b1cf3d2d855c  10.1/RPMS/hylafax-server-4.2.0-1.3.101mdk.i586.rpm
aaaca7a343600961e87f6c6e4ead0c8d  10.1/RPMS/libhylafax4.2.0-4.2.0-1.3.101mdk.i586.rpm
da5bce1b0c53e298dcd7cb5ef0dbab5d  10.1/RPMS/libhylafax4.2.0-devel-4.2.0-1.3.101mdk.i586.rpm
ca2bdc57603dda7f982c59626d9e2a02  10.1/SRPMS/hylafax-4.2.0-1.3.101mdk.src.rpm

CS2.1 x86_64

 213b760b160484b8e17e5da32f974048  x86_64/corporate/2.1/RPMS/hylafax-4.1.3-5.3.C21mdk.x86_64.rpm
a4069af7c182c925844fcdcbad0b6ad6  x86_64/corporate/2.1/RPMS/hylafax-client-4.1.3-5.3.C21mdk.x86_64.rpm
840537452b7e5dcc83e36d72e5b9071f  x86_64/corporate/2.1/RPMS/hylafax-server-4.1.3-5.3.C21mdk.x86_64.rpm
2897c385ffe1e5c5ee76d01114ad6bee  x86_64/corporate/2.1/RPMS/libhylafax4.1.1-4.1.3-5.3.C21mdk.x86_64.rpm
674cef6c3e5b272e048218eb5e6ca8a2  x86_64/corporate/2.1/RPMS/libhylafax4.1.1-devel-4.1.3-5.3.C21mdk.x86_64.rpm
763f4270d854d27b53c83c378bf81151  x86_64/corporate/2.1/SRPMS/hylafax-4.1.3-5.3.C21mdk.src.rpm

CS3.0 x86_64

 1e12ff7fbbcf33edc62482e5335235ae  x86_64/corporate/3.0/RPMS/hylafax-4.1.8-2.3.C30mdk.x86_64.rpm
7b519165eb5b6c1fd8f70abc822f44c8  x86_64/corporate/3.0/RPMS/hylafax-client-4.1.8-2.3.C30mdk.x86_64.rpm
d83092b4fec23beec97c7fde051d9313  x86_64/corporate/3.0/RPMS/hylafax-server-4.1.8-2.3.C30mdk.x86_64.rpm
caf5f33b0eb919237378a1a683d5a933  x86_64/corporate/3.0/RPMS/lib64hylafax4.1.1-4.1.8-2.3.C30mdk.x86_64.rpm
3a5b5836bb53c4ace02d15c1a13d0086  x86_64/corporate/3.0/RPMS/lib64hylafax4.1.1-devel-4.1.8-2.3.C30mdk.x86_64.rpm
97e37c030a7cebe18b11f661f970d23e  x86_64/corporate/3.0/SRPMS/hylafax-4.1.8-2.3.C30mdk.src.rpm

CS3.0 i586

 2d17a03f1ef3f420981fea8bf5ebc6ff  corporate/3.0/RPMS/hylafax-4.1.8-2.3.C30mdk.i586.rpm
ef93ab687c830d4699419eed55871c1d  corporate/3.0/RPMS/hylafax-client-4.1.8-2.3.C30mdk.i586.rpm
8faf097e36be844cb3c8a4fcc7c75649  corporate/3.0/RPMS/hylafax-server-4.1.8-2.3.C30mdk.i586.rpm
3c90cd27d8ea5425c3ebc9e6ee492b18  corporate/3.0/RPMS/libhylafax4.1.1-4.1.8-2.3.C30mdk.i586.rpm
c01ef9626e435416defde272371e87a9  corporate/3.0/RPMS/libhylafax4.1.1-devel-4.1.8-2.3.C30mdk.i586.rpm
97e37c030a7cebe18b11f661f970d23e  corporate/3.0/SRPMS/hylafax-4.1.8-2.3.C30mdk.src.rpm

10.2 x86_64

 80b93124024f35ac604bca04c2157b6b  x86_64/10.2/RPMS/hylafax-4.2.0-3.1.102mdk.x86_64.rpm
54de1417816622492047cd95fcd192d1  x86_64/10.2/RPMS/hylafax-client-4.2.0-3.1.102mdk.x86_64.rpm
2682977698f5665e0bfde4f04123d817  x86_64/10.2/RPMS/hylafax-server-4.2.0-3.1.102mdk.x86_64.rpm
30820c2cbf827ff91e55c6c29ec795a7  x86_64/10.2/RPMS/lib64hylafax4.2.0-4.2.0-3.1.102mdk.x86_64.rpm
d8aae5eacf14c4f8321512e8c2696542  x86_64/10.2/RPMS/lib64hylafax4.2.0-devel-4.2.0-3.1.102mdk.x86_64.rpm
f8e2073acf5408bf8b55b3d22e55e2b2  x86_64/10.2/SRPMS/hylafax-4.2.0-3.1.102mdk.src.rpm

2006.0 x86_64

 39a1e3bf1a63d33b424888a4a5c7faac  x86_64/2006.0/RPMS/hylafax-4.2.1-2.1.20060mdk.x86_64.rpm
4908c196d94d4bc72e1e79091ca7a098  x86_64/2006.0/RPMS/hylafax-client-4.2.1-2.1.20060mdk.x86_64.rpm
7f9ea9edf76faf3f3b917c96d8110ed5  x86_64/2006.0/RPMS/hylafax-server-4.2.1-2.1.20060mdk.x86_64.rpm
af2ec227f9d5b98b53c94bff68e47c50  x86_64/2006.0/RPMS/lib64hylafax4.2.0-4.2.1-2.1.20060mdk.x86_64.rpm
6840b4ff77f07090faa5b32620c05afe  x86_64/2006.0/RPMS/lib64hylafax4.2.0-devel-4.2.1-2.1.20060mdk.x86_64.rpm
3d78c1a88aecbd9d6ae0a947cf2eaa29  x86_64/2006.0/SRPMS/hylafax-4.2.1-2.1.20060mdk.src.rpm

10.1 x86_64

 35f7d808588e1d9ad5b8de2c9e5c8cb0  x86_64/10.1/RPMS/hylafax-4.2.0-1.3.101mdk.x86_64.rpm
1b8a373e8d1d005b4b14124dba7b5df1  x86_64/10.1/RPMS/hylafax-client-4.2.0-1.3.101mdk.x86_64.rpm
5f169d7d2377d8066e2d13c771d431eb  x86_64/10.1/RPMS/hylafax-server-4.2.0-1.3.101mdk.x86_64.rpm
677f9360dcdfca9f86967ad4c6f738f1  x86_64/10.1/RPMS/lib64hylafax4.2.0-4.2.0-1.3.101mdk.x86_64.rpm
e2185b51d1d9568ccca76e37cd99e98b  x86_64/10.1/RPMS/lib64hylafax4.2.0-devel-4.2.0-1.3.101mdk.x86_64.rpm
ca2bdc57603dda7f982c59626d9e2a02  x86_64/10.1/SRPMS/hylafax-4.2.0-1.3.101mdk.src.rpm

References